<?php  /*author Daryl Hop Yek*/
// this code checks to see if the username exists in the session
// since this variable is set by the login script, it means the user is logged in.
// if the username session variable is empty, it checks if it came from a form and then logs in 
// by setting the session variable username

	$_SESSION['msg'] = "Not logged in!";
	if ($_POST['username'] != "")
	{
		include("dbconnect.php");
		$sql = "SELECT * FROM USER WHERE username = '$_POST[username]'";
		foreach ($dbh->query($sql) as $row)
		{
			if ($row[password]==$_POST['password'])
			{
				$_SESSION['userType'] = $row[usertype];
				$_SESSION['username'] = $row[username];
				//$_SESSION['username'] = $_POST['username'];
				$_SESSION['msg'] = "Logged in! ";
			}
			
		}
		if ($_SESSION['msg'] == "Not logged in!")
		{
			$_SESSION['username'] = "Guest";
		}
		$dbh = null;
	}
	else
	{
		$_SESSION['username'] = "Guest";
	}
?>